marc & shb

2 exploits Active since Feb 2006
CVE-2006-4208 EXPLOITDB text WRITEUP
Skippy WP-DB-Backup plugin for WordPress <= 1.7 - Authenticated Directory Traversal via Backup Parameter
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.
CVE-2006-0857 EXPLOITDB text WORKING POC
e107 Chatbox Plugin 1.0 - Stored Cross-Site Scripting via Chatbox Input
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.